security vulnerabilities
Coverage of security vulnerabilities in the Nexus archive.
- Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. The vulnerabilities affect both platforms, which are widely used for enterprise applications and marketing workflows.
- Critical UniFi OS bug lets hackers gain root without authentication
A critical bug in Ubiquiti UniFi OS allows hackers to gain root access without authentication by chaining three fixed vulnerabilities. Attackers can execute remote code with elevated privileges through this exploit.
- Inspector general finds NIST mistakes have made vulnerability database ineffective
An inspector general report found that NIST's National Vulnerability Database (NVD) backlog of unprocessed security vulnerabilities grew from 13,000 in February 2024 to over 27,000 by late 2025, undermining the database's utility and public trust.
- You Should Not Update Your Dependencies
The article argues against regularly updating software dependencies due to risks like breaking changes, security vulnerabilities, and compatibility issues. It references a Hacker News discussion where users debate the trade-offs of dependency management.
- Brussels Needs a New Narrative on China-EU Relations
The article argues that Brussels must develop a strategically positive narrative to address security vulnerabilities in the EU's economic relationship with China. It emphasizes embedding policies within a coherent framework to strengthen Europe's position.
- AI uncovers 38 vulnerabilities in largest open source medical record software
AI discovered 38 critical security vulnerabilities in the largest open-source medical record software, which is used by 100,000 healthcare providers. The findings were reported in a blog post by Aisle and discussed on Hacker News with 52 points and 41 comments.
- The Woes of Sanitizing SVGs
The article discusses the challenges and security risks associated with sanitizing SVG files, highlighting the complexity of ensuring they are safe from malicious code. It references a blog post and Hacker News comments, indicating ongoing community debate.
- Surveillance companies exploiting telecom system to spy on targets’ locations, research shows
Surveillance companies exploited weaknesses in telecom infrastructure to secretly mimic real cellular providers and track victims' locations, according to research. The campaigns leveraged vulnerabilities in the system to enable unauthorized location tracking.
- Even "cat readme.txt" is not safe
The article highlights a security vulnerability where even basic commands like 'cat readme.txt' can expose sensitive data, emphasizing risks in software development practices. It references a Hacker News discussion with 41 points and 19 comments.
- Hackers are abusing unpatched Windows security flaws to hack into organizations
A security researcher disclosed three vulnerabilities in Windows Defender along with exploit code. Hackers are now exploiting these flaws in real-world attacks, as reported by a cybersecurity firm.
- Every Old Vulnerability Is Now an AI Vulnerability
The article discusses how AI is not creating new security vulnerabilities but instead amplifying existing ones, highlighting the risks associated with legacy issues in the context of AI advancements.
- Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass login and execute unauthorized commands over HTTP. No active exploitation reports yet, but warnings urge vigilance against potential future attacks.
- ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
The ThreatsDay Bulletin highlights a hybrid P2P botnet, a 13-year-old Apache RCE vulnerability resurfacing, and 18 other security issues. The report emphasizes overlooked vulnerabilities, questionable security practices, and attackers exploiting trusted platforms.